OUR SECURITY PRACTICES

Security Statement

The Logilica Insights Platform applies best practice security controls. Below are some of the key elements we use to ensure the security of our and your data.

January 7, 2021

LOGILICA INSIGHTS SERVICE ACCESS CONTROL

Permissions
Our services provide role-based access control for authorization, allowing you to control who can access application settings, billing information, features, etc.

Password and Credential Storage
Credentials are salted and encrypted.

Data Hosting and Storage
Logilica hosts its infrastructure and data in Amazon Web Services (AWS). We follow AWS best practices, which allow us to take advantage of their secured, distributed, fault-tolerant environment. To find out more about AWS security practices, see: https://aws.amazon.com/security/.

Backups and Monitoring
Logilica uses automation to back up all data stores that contain customer data. At the application level, we produce audit logs for all activities and use those logs for security analysis.

Permissions and Authentication
Access to customer data is limited to authorized employees who require it for their job. All access to the Logilica websites is restricted to HTTPS encrypted connections.

Encrypted Access
All access to repositories is performed using encrypted connections, either via SSH, TLS or HTTPS. Depending on the version control system, access to private repositories is obtained via an SSH token.

Encryption at Rest
The basic overview of repository security includes:
  • We collect:
      ◦ messages, hex hash, and authors for commits
      ◦ metadata, metrics, file names, and technology types for commits
      ◦ the identifier, title, message, comments, and everyone who has been involved for tickets and pull requests
  • We keep an AES-256 encrypted copy of repository data when not actively processing the repository. If this is a concern, an alternate option would be to host Logilica in a VPC or on-premises.
  • We will connect either by SSH, TLS or HTTPS, depending on your configuration.
  • When you disconnect your repositories, all associated data is purged from the system within 48 hours.

Employee Access Restrictions to Customer Data
No Logilica staff will access private repository data unless required for support reasons, or responding to an incident. In cases where staff must access repository data in order to perform support, we will get your explicit consent each time, except when responding to a security issue or suspected abuse.

When working a support issue we do our best to respect your privacy as much as possible: we access only the minimum data and settings needed to resolve your issue.

ADDITIONAL SECURITY INFORMATION

Training
All Logilica employees receive security awareness training.

Policies
Logilica has developed a comprehensive set of security policies covering a range of topics. These policies are updated frequently and shared with employees.

Employee Vetting
Logilica performs background checks on all new employees in accordance with local laws. The background check includes employment verification and criminal checks for Australian employees.

Confidentiality
All employee contracts include a confidentiality agreement.

Headquarters Security
Logilica headquarters employs door personnel and badge access is required at all hours. Visitors are required to be escorted at all times.

PCI Obligations
When you purchase a paid Logilica subscription, your credit card data is not transmitted through nor stored on our systems. Instead, we depend on Stripe, a company dedicated to this task. Stripe is certified to PCI Service Provider Level 1, the most stringent level of certification available. Stripe’s security information is available online.

Privacy Policy
For more detail around how we handle privacy, check out our Privacy Policy or reach out to your Logilica contact.

Reporting An Issue
Your input and feedback on our security as well as responsible disclosure is always appreciated. If you’ve discovered a security concern, please email us at support@logilica.com. We’ll work with you to make sure we understand the issue and address it. We consider security correspondence and vulnerabilities our highest priorities and will work to promptly address any issues that arise.